“I blacklisted it,” he replied.
For three weeks, the campus internet had been dying. Every day at 2:00 PM, latency spiked to 2,000ms. Video lectures froze. The library’s VOIP phones clicked and stuttered. The provost was furious.
He pulled up the physical location. Server room B, rack 4. The machine wasn't in a dorm. It was an official university server.
He disconnected the Ethernet cable.
She smiled. “Let’s negotiate.” Blacklists only work against honest mistakes. Against determination, they are just a list of suggestions. True security is not blocking the traffic—it is understanding the human who sent it.
Marcus had two choices. He could throttle all HTTPS traffic to 1 Mbps, which would break the entire university’s ability to use the internet. Or he could find the machine.
The firewall logs showed the culprit: a torrent of traffic flooding the upstream link. But it wasn't the usual BitTorrent noise—movies or games. This was different. The destination IPs were scattered, the packets were tiny, and the source was a single machine in the biology department: static IP 10.12.42.19 . Blacklist Torrent
He sent an email to the biology department: “To the owner of node 10.12.42.19: We need to talk about your backup strategy. Coffee tomorrow at 9?”
Marcus had already run the standard playbook. He’d added every public BitTorrent tracker to the university’s blacklist. He’d blocked the common ports: 6881-6889, 6969, and DHT ports. He’d even deployed layer-7 deep packet inspection to sniff out the BitTorrent handshake. The firewall was a fortress.
The next morning, the network was clean. And at 9:05 AM, an elderly woman with wild grey hair and a laptop bag full of Ethernet adapters sat down across from him. “I blacklisted it,” he replied
He pulled the packet capture. He expected to see encrypted uTP or µTP traffic. Instead, he saw a flood of HTTPS requests to a legitimate cloud storage CDN. GET /video/segment_001.ts . POST /upload/cache_chunk . It looked like a Netflix stream. It looked like a Zoom call.
He took the NUC back to his desk. On the drive, he found a single file: a README.txt . "Project TorrentSeed_Global. This node is part of a distributed backup system for climate simulation data. The data is public domain. The university firewall blacklists our tracker by domain. We do not care. We will route around your damage. If you unplug this node, three other nodes in the library will activate in 60 seconds. We are the archive. You cannot blacklist us all." Marcus stared at the screen. He wasn't fighting a pirate. He was fighting a ghost in the machine—a shadow IT project run by a tenured climatologist who had grown tired of asking for budget for proper cloud storage.
Instead, he wrote a new firewall rule: Rate-limit unknown WebRTC to 10 Mbps per device. It wasn't a blacklist. It was a compromise. Video lectures froze
“How?” he muttered.
He didn't re-plug the NUC. But he didn't delete the file, either.